The Informatics Engineering Academic Management Information System (IFApps) is a web-based application used at Universitas Muhammadiyah Pontianak to support academic processes, including the management of final assignments and practical work. As cyber threats increase, security testing is needed to ensure the application is free of vulnerabilities. This study focuses on security testing of IFApps using the Penetration Testing method with the help of OWASP ZAP. Testing was carried out in several stages, namely passive scanning, active scanning, and access control testing, aimed at detecting security gaps. The results show a SQL Injection vulnerability and the absence of a Content Security Policy (CSP) configuration, which affect the Confidentiality, Integrity, and Availability of the application. As mitigation, this study recommends the use of prepared statements, input validation, and a stricter CSP configuration. Through this research, it is hoped that the security of IFApps can be improved so that its data and functionality are protected from cyber threats.

Keywords: Broken Access Control, OWASP ZAP, SQL Injection, Content Security Policy, Penetration Testing.

Abstract

The Informatics Engineering Academic Management Information System (IFApps) is a web-based application used at Universitas Muhammadiyah Pontianak to support academic processes, including the management of final assignments and practical work. As cyber threats increase, security testing is needed to ensure the application is free from vulnerabilities. This research focuses on security testing of IFApps using the Penetration Testing method with the help of OWASP ZAP. Testing was carried out in several stages, namely passive scanning, active scanning, and access control testing, aimed at detecting security holes. The results showed a SQL Injection vulnerability and the absence of a Content Security Policy (CSP) configuration, which affected the Confidentiality, Integrity, and Availability aspects of the application. As a mitigation measure, this research recommends the use of prepared statements, input validation, and stricter CSP settings. Through this research, it is hoped that the security of IFApps can be improved so that its data and functionality are protected from cyber threats.

Keywords: Broken Access Control, OWASP ZAP, SQL Injection, Content Security Policy, Penetration Testing.
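The abstract names three mitigations for its two findings: prepared statements, input validation, and a stricter CSP. The following added example, which is not code from the paper or from IFApps, shows each of them in Python: a string-concatenated query beside its parameterized form, a student-number format check, and a passive header check of the kind OWASP ZAP performs when it reports a missing CSP. The table, the student-number format and the header values are constructed assumptions.

```python
import re
import sqlite3

# Constructed in-memory table standing in for an academic records store (not IFApps' schema).
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE students (nim TEXT, name TEXT)")
    con.executemany("INSERT INTO students VALUES (?, ?)",
                    [("2101001", "Alice"), ("2101002", "Budi")])
    return con

def lookup_vulnerable(con, nim):
    # Before: user input is concatenated into the SQL text, so a quote in the
    # input changes the structure of the query instead of being treated as data.
    sql = "SELECT name FROM students WHERE nim = '" + nim + "'"
    return [row[0] for row in con.execute(sql)]

def lookup_prepared(con, nim):
    # After: prepared statement. The value is bound as a parameter and is never
    # parsed as SQL, so the same input simply matches no row.
    return [row[0] for row in con.execute(
        "SELECT name FROM students WHERE nim = ?", (nim,))]

# Assumed format for a student number (NIM): exactly seven digits. Adjust to the real one.
NIM_RE = re.compile(r"\d{7}")

def is_valid_nim(nim):
    # Input validation: reject anything that is not a well-formed student number
    # before it reaches the database layer at all.
    return bool(NIM_RE.fullmatch(nim))

def check_csp(headers):
    # Passive check over response headers, mirroring the ZAP finding in the abstract:
    # no CSP at all is "missing"; a policy that allows inline scripts or any origin is "weak".
    lowered = {k.lower(): v for k, v in headers.items()}
    csp = lowered.get("content-security-policy")
    if csp is None:
        return "missing"
    if "'unsafe-inline'" in csp or "*" in csp.replace(";", " ").split():
        return "weak"
    return "ok"

# A stricter policy of the kind the abstract recommends (constructed example value).
STRICT_CSP = "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'"
```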
Copyrights © 2025